Is there any chance of changing the default snap length of tcpdump to
be a few bytes bigger ? With pf on RELENG_7, the default of 96
is too short now. So doing just a
# tcpdump -nei pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture
size 96 bytes
06:50:57.651128 rule 7/0(match): pass in on bge0:
190.73.138.253.2020 > xx.7.141.12.25: tcp 28 [bad hdr length 0 - too
short, < 20]
Going to -s100 seems to be a safe value and avoids the "bad header" errors.
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [EMAIL PROTECTED]
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
